feat: implement mealie

vincent 2024-04-28 16:10:43 +02:00
parent 2f6c814fb1
commit 69a2ad4efd
8 changed files with 195 additions and 51 deletions


@ -24,6 +24,8 @@ postgresql_databases:
owner: pdns-auth owner: pdns-auth
- name: pdns-admin - name: pdns-admin
owner: pdns-admin owner: pdns-admin
- name: mealie
owner: mealie
postgresql_hba_entries: postgresql_hba_entries:
- {type: local, database: all, user: postgres, auth_method: peer} - {type: local, database: all, user: postgres, auth_method: peer}


@ -1,45 +1,47 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
64656332666561346439636331396439333566646361333031613764376634363061623635356630 38633535353630393131613866663164303337323939363261633266376163336664313930336664
3832326235316435316264653637396130383465323234630a653138393161316232323236323366 3135653966393866633438306361303165633337306333640a333532336662323333376333386637
32363661633631623132323864663366633766396266623630636135396165663062353434613231 37376462646539653637323930366239353036376330623732393434353231333730653338386433
6363646665626439610a313233313639333232393035633139326561316431393837616231313933 6238333164646237620a316434373136393765363630306130353237623961353166376233366364
38646532613665666136316635376533653161616630313532333330393364636662653331336637 34616362626231393732333535373765616533333038326636626434396432323831313530623562
39353462336130333933383033656634633461333461393730633333343330306432623466623062 31616331323936643761373639336132666166613163616431346330643333613738663231353433
32353962623338356630393935646537313335313335323464666265303732653633396332363965 66353264616535346238313061646362313764613733383334313230383539643961653339313931
36356338386330653863646134623234623230356232643535643763303162626132333530626639 64326634646133386162353835633630386235343637666437643238616233643036343566393962
39316166613862356264336362303833343236616635613136356433663766383861333832656261 32646334306439326664666139396136333033396536656438316130393032653563623539653430
35613662653266396461383162303230613865373232353437646131633063633634346633383563 33393564303135363738326630373232396235383635313366333333666564613162613235613066
31323736303537643433633235613464376230373332613331623439643462313362356437623463 66636430623335393562323365383030633335353834313065346566626632316162323761633637
65326335653938626461353332356434303962376630626666666631386334316261653639623633 64356136313438313161353933633133623861623638646463366134636630616630373466336436
34326633393330313064326562363838316366316361626662393435363262333264626333396136 34363264613665393062666330373934666230313662383862353336613531366139666636333635
66353936623763323865656632373763303365316131663064343830663330323566346535316436 66383730363630396131636338396461356563353164373466343334646336383536623661353235
63623931383461363364613632363661613734306535373536643236656161393634633435653862 38663761353462306562336237663133633032323037663932643966393032613337656163313636
34316666353234646633633635653934373335396635343035663238323636323662346632303865 65303732636331646231346366376631353436306332306439323563383765636537613061346463
35326333366439646661303437626238326435313032373031636535353963666263636635366234 61383666653537353732343834613461393133393264633336643966643532373336333761316464
36336562633666623932653465376237366232306262386565646631346432346631353566326535 62656562343733626331663066646462393835623065636432356634356630643761393538323437
32356337333762653161376439353035323633363833633862336134366132623963326231643461 62353934633839616631616564353833633739333366633162313166646664646663303132363536
35623863373730313935393631626266336465613261636364353533666233613831323031643035 36626461653764613238623237643965333932666563303461323566653137313431323364646334
32663630316264633932643132633061303438613339646264666334306630643038323632366330 39326135306330373233333538646130343035373231323461633637353836356236653862343432
31366365333039636434613537386436313539396632613766333136663638393462653263613165 36656239653838313035333761343261646665316530393739643538373231303764343762646565
33323937313031626233623237616464323939303131613465326362346632346538323161343362 61343334356438663831386166626662613361616632346631373466656335323838346131366634
65353839386133326233356561363864336261663135343865323861623330613736333835396261 39383534306139313934316431623638363734616438396335323430643537663166663061626464
64653361333530326630363633383836396565646463396239616261646635303535316135306537 63356230343062666165393062386461393233616238613366643164336538356636303635343036
64343830616566663633323531383464383834373539646637633465616533383238346565303337 62363664326231313864613164353561346238363237613935323361313135303366306464333631
34386561626266303833353665306335326264343533386263626562373633303135313735643733 31633730353637303933666137373238643731356361393731616566366564373330326365333362
37333766373465326133663663303166316134643732343938343930616631383137356137373564 38326338633938363935633735633830663635363036393661303031663035386238383566393339
31633831663264653762326534343635323364313632353661323330646638363062346137646337 61376333363832386131663962323932663263356335346538616261626432376638396235333163
61323334623434613333613038633637666131393338653839373835633062396661653537343138 62333439353836633931306262633065306235313633356266383837313134633334623762333362
61643961623366393735393438356461333731326265313937613066323038313163353835363135 37306235333066626435313465636632316131396565396161396437653038333865656532623537
33323932353264313536393865373232333930613636343661613033656165616237373439383531 66656237393139363034366337386262386130373662363432333137356134373966376261323930
38393932366633616639303964386333386462353935646432663330313137306465386634633931 34396666636533633762373532316336623634383963323635613435373734343935363136353634
33656533306665653836363830363164303039356463386130663536636330396138643363383838 66616530656265323536343934353534633736316538316565336637623631376236363031623161
35393966646630663535623836303262353739353063303763333530383630353838623939376535 36666339643265313738373262353739633337383134363832343330643662396133393163623661
34343239373831623232343530396561393730303066323236306539333263656133366363396534 63323739303464313132353766613831396338393338636531343936353134663232323033306230
30666662336435313561666536643231633562663037353837303936326164353366333032656431 66636562386466353061343161336335323763663564343863373362303962373534356366346564
39303063343536336431336637323239356432616562656565306561666664663930303232313464 31353565333963623736376239363838346530646262356533613431346361653962313765636532
34333236613239656562323037656137376135396636323361383565336636303338663138396238 64333634646664613436316331313832613463646335373261303363653030346235313666633365
65396130303931393266636630656637333464346361303763653931383464326365333232623437 65666562623832346364646364356333386130633130346533633437333033616232363162613936
61623263316562643636386637303531626238333131656130306236636230626362653935353331 36353737653031383165396163346561306136376531613338323665393763663339613236353837
34366663303235653431616135343963643935303336313231343562376430343564393832343335 32653233343235306262353665353861623132663961386338383238346335313039383866613830
36363130313533373137383738346438666634303537633232636535303835636333653636303937 31373634613039633466376330386563653638656631333839346131616332326363343935363731
39356339656234303432 61643433653463313833623834643862623238613561666630363137393730333538666361613937
32663630303864396630303465343064333035313836346131393834303135323766303861666133
3030326636393762613263626666373133363237633030356265


@ -99,10 +99,19 @@ identity_providers:
- key_id: 'key' - key_id: 'key'
key: | key: |
{{ with secret "secrets/data/nomad/authelia"}}{{ .Data.data.rsakey|indent 8 }}{{end}} {{ with secret "secrets/data/nomad/authelia"}}{{ .Data.data.rsakey|indent 8 }}{{end}}
cors:
endpoints:
- userinfo
- authorization
- token
- revocation
- introspection
allowed_origins:
- https://mealie.ducamps.eu
allowed_origins_from_client_redirect_uris: true
clients: clients:
- client_id: 'ttrss' - client_id: 'ttrss'
client_name: 'ttrss' client_name: 'ttrss'
# client_secret: $pbkdf2-sha512$310000$5igZ9BADDMeXml91wcIq3w$fNFeVMHDxXx758cYQe0kmgidZMedEgtN.zQd12xE9DzmSk8QRRUYx56zpjzLTO8PcKhDgR3qCdUPnO/XDdEDLg
client_secret: {{ with secret "secrets/data/authelia/ttrss"}} {{ .Data.data.hash }} {{end}} client_secret: {{ with secret "secrets/data/authelia/ttrss"}} {{ .Data.data.hash }} {{end}}
public: false public: false
scopes: scopes:
@ -114,9 +123,24 @@ identity_providers:
userinfo_signed_response_alg: none userinfo_signed_response_alg: none
authorization_policy: 'one_factor' authorization_policy: 'one_factor'
pre_configured_consent_duration: 15d pre_configured_consent_duration: 15d
- client_id: 'mealie'
client_name: 'mealie'
public: true
require_pkce: true
pkce_challenge_method: 'S256'
scopes:
- openid
- email
- profile
- groups
redirect_uris:
- 'https://mealie.ducamps.eu/login'
userinfo_signed_response_alg: none
authorization_policy: 'one_factor'
token_endpoint_auth_method: 'none'
log: log:
level: 'debug' level: 'trace'
totp: totp:
issuer: 'authelia.com' issuer: 'authelia.com'
@ -124,7 +148,7 @@ totp:
authentication_backend: authentication_backend:
ldap: ldap:
address: 'ldaps://ldap.ducamps.eu' address: 'ldaps://ldap.service.consul'
implementation: 'custom' implementation: 'custom'
timeout: '5s' timeout: '5s'
start_tls: false start_tls: false
@ -135,11 +159,13 @@ authentication_backend:
additional_users_dn: 'OU=users' additional_users_dn: 'OU=users'
users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))' users_filter: '(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))'
additional_groups_dn: 'OU=groups' additional_groups_dn: 'OU=groups'
groups_filter: '(&(member=UID={input},OU=users,DC=ducamps,DC=eu)(objectClass=groupOfNames))' #groups_filter: '(&(member=UID={input},OU=users,DC=ducamps,DC=eu)(objectClass=groupOfNames))'
groups_filter: '(&(|{memberof:rdn})(objectClass=groupOfNames))'
group_search_mode: 'memberof'
user: 'uid=authelia,ou=serviceAccount,ou=users,dc=ducamps,dc=eu' user: 'uid=authelia,ou=serviceAccount,ou=users,dc=ducamps,dc=eu'
password:{{ with secret "secrets/data/nomad/authelia"}} '{{ .Data.data.ldapPassword }}'{{ end }} password:{{ with secret "secrets/data/nomad/authelia"}} '{{ .Data.data.ldapPassword }}'{{ end }}
attributes: attributes:
distinguished_name: 'distinguishedname' distinguished_name: ''
username: 'uid' username: 'uid'
mail: 'mail' mail: 'mail'
member_of: 'memberOf' member_of: 'memberOf'
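Review bot: The log level change from `'debug'` to `'trace'` in the `log:` block of the second hunk (`level: 'trace'`) is unrelated to the new mealie client and reads as a debugging leftover; trace is Authelia's most verbose level and may record request detail that should not accumulate in the identity provider's logs. Either restore the previous value, `level: 'debug'` (or lower), or state why trace is wanted, for example with `# trace only while debugging the memberof group filter — revert before merge`. The third hunk switches the LDAP address to `ldaps://ldap.service.consul`; that only works with certificate verification intact if the LDAP server's certificate carries this name as a SAN, which cannot be confirmed from this commit. The enclosing `identity_providers` and `authentication_backend` blocks start and end outside these hunks.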


@ -0,0 +1,94 @@
job "mealie" {
datacenters = ["homelab"]
priority = 50
type = "service"
meta {
forcedeploy = "0"
}
constraint {
attribute = "${attr.cpu.arch}"
value = "amd64"
}
group "mealie" {
network {
mode = "host"
port "http" {
to = 9000
}
}
volume "mealie-data" {
type = "csi"
source = "mealie-data"
access_mode = "multi-node-multi-writer"
attachment_mode = "file-system"
}
vault {
policies = ["mealie"]
}
task "mealie-server" {
driver = "docker"
service {
name = "mealie"
port = "http"
tags = [
"homer.enable=true",
"homer.name=Mealie",
"homer.service=Application",
"homer.subtitle=Mealie",
"homer.logo=https://mealie.ducamps.eu/favicon.ico",
"homer.target=_blank",
"homer.url=https://${NOMAD_JOB_NAME}.ducamps.eu",
"traefik.enable=true",
"traefik.http.routers.${NOMAD_JOB_NAME}.rule=Host(`${NOMAD_JOB_NAME}.ducamps.eu`)",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.domains[0].sans=${NOMAD_JOB_NAME}.ducamps.eu",
"traefik.http.routers.${NOMAD_JOB_NAME}.tls.certresolver=myresolver",
"traefik.http.routers.${NOMAD_JOB_NAME}.entrypoints=web,websecure",
]
}
config {
image = "ghcr.io/mealie-recipes/mealie"
ports = ["http"]
}
volume_mount {
volume = "mealie-data"
destination = "/app/data"
}
env {
PUID = "1000001"
PGID = "1000001"
TZ = "Europe/Paris"
MAX_WORKERS = 1
WEB_CONCURRENCY = 1
BASE_URL = "https://mealie.ducamps.eu"
OIDC_USER_GROUP = "MealieUsers"
OIDC_ADMIN_GROUP = "MealieAdmins"
OIDC_AUTH_ENABLED = "True"
OIDC_SIGNUP_ENABLED = "true"
OIDC_CONFIGURATION_URL = "https://auth.ducamps.eu/.well-known/openid-configuration"
OIDC_CLIENT_ID = "mealie"
OIDC_AUTO_REDIRECT = "false"
OIDC_PROVIDER_NAME = "authelia"
DB_ENGINE = "postgres"
POSTGRES_USER = "mealie"
POSTGRES_SERVER = "active.db.service.consul"
POSTGRES_PORT = 5432
POSTGRES_DB = "mealie"
LOG_LEVEL = "DEBUG"
}
template {
data = <<EOH
{{ with secret "secrets/data/database/mealie"}}POSTGRES_PASSWORD= "{{ .Data.data.password }}" {{end}}
EOH
destination = "secrets/var.env"
env = true
}
resources {
memory = 300
}
}
}
}
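Review bot: `image = "ghcr.io/mealie-recipes/mealie"` in the `config` block carries no tag, so each deploy pulls whatever the default tag resolves to at that moment and an upstream push can silently change the running version, including its database schema against the postgres database this job points at; pin a version tag (ideally a digest), e.g. `image = "ghcr.io/mealie-recipes/mealie:<pinned-version>"` (placeholder). `LOG_LEVEL = "DEBUG"` in the `env` block likewise looks like a bring-up setting rather than the intended steady state. The `template` data line renders `POSTGRES_PASSWORD= "..."` with a space before the quoted value; whether Nomad's env-file parsing trims that is not visible here, so it is worth confirming the secret is not stored with leading whitespace. The job definition is complete within the hunk.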


@ -0,0 +1,17 @@
type = "csi"
id = "mealie-data"
name = "mealie-data"
external_id = "mealie-data"
plugin_id = "nfs"
capability {
access_mode = "multi-node-multi-writer"
attachment_mode = "file-system"
}
context {
server = "nfs.service.consul"
share = "/nomad/mealie"
}
mount_options {
fs_type = "nfs"
mount_flags = [ "vers=4" ]
}
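Review bot: `mount_options` mounts a share that a container writes to with only `vers=4`; a data volume has no need for setuid binaries or device nodes, so `mount_flags = [ "vers=4", "nosuid", "nodev" ]` is the safer default, assuming the nfs CSI plugin passes the flags through unchanged. Access control for the share itself rests on the NFS export's client list and UID mapping, which is not part of this commit and should be checked on the export side.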


@ -69,7 +69,8 @@ def main() -> None:
} }
} }
listAutheliaSecret=[ listAutheliaSecret=[
"authelia/ttrss" "authelia/ttrss",
"authelia/mealie"
] ]
token=os.getenv('VAULT_TOKEN',"") token=os.getenv('VAULT_TOKEN',"")


@ -37,7 +37,8 @@ variable cnameList{
"www", "www",
"mail", "mail",
"ldap", "ldap",
"budget" "budget",
"mealie",
] ]
} }


@ -25,6 +25,7 @@ locals {
"pdns", "pdns",
"ldap", "ldap",
"borgmatic", "borgmatic",
"mealie",
] ]
nomad_custom_policy = [ nomad_custom_policy = [
{ {